DNS: Single Level Domain Not Resolving

Expert
Posts: 15
6645     0

Infoblox is acting as our main DNS servers in our environment.  We have a few single level domains that are still being used for the time being until we can get them migrated to the new one.

 

Our problem that we found this morning was when someone tried to join the server to this domain, it failed.

 

We got to looking and noticed we did not have the three domain controllers added to our ACL list for Updates.  We have since added that, but still appear to have the same problem.

 

When we do an NSLOOKUP on our machine locally, we get an error saying the domain does not exist, but it clearly does.

 

*** corp-infoblox01.abc.com can't find cfa-abc: Non-existent domain

 

I can run a DIG directly on the Infoblox devices:

 

;; QUESTION SECTION:
;cfa-abc.                     IN      A

;; ANSWER SECTION:
cfa-abc.              600     IN      A       10.1.20.101
cfa-abc.              600     IN      A       10.1.20.102
cfa-abc.              600     IN      A       10.1.20.140

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Mar 17 11:47:18 2016
;; MSG SIZE  rcvd: 75

I also verified that the A records of the DCs exist for the zone.

 

I already have a ticket open with support, but thought I would see if anyone else had any suggestions.

 

Re: DNS: Single Level Domain Not Resolving

Community Manager
Posts: 248
6646     0

If the DCs were also the original DNS servers, they may not have realised that the nameservers have changed.

 

Try clearing things out with these commands:

 

  dnscmd /resetforwarders 1.1.1.1 2.2.2.2

  ipconfig /registerdns

 

It would also help to know the delegation path for the zones you are querying, and who is authoritative for the delegation points. What are the DCs using as their resolvers?

 

Are they querying through resolvers that are authoritative for a parent domain and don't know about the delegation?

 

'dig +trace' is often the way to track this, but you MUST point the dig at the nameserver in the client resolver list, not the Infoblox or some other random nameserver that may have the correct view of things.

 

 

Re: DNS: Single Level Domain Not Resolving

Expert
Posts: 15
6646     0
zone "cfa-abc" in { # cfa-abc
	type master;
	database infoblox_zdb;
	masterfile-format raw;
	file "azd/db.cfa-abc._default";
	allow-update { key DHCP_UPDATER_default; 10.1.20.102; 10.1.20.101; 10.1.20.140;  };
	notify yes;

The zone we are trying to resolve is the Authoritative Zone on Infoblox.  I should be able to run a simple nslookup of cfa-abc on my machine and resolve to an IP address and it isn't.

Re: DNS: Single Level Domain Not Resolving

Expert
Posts: 15
6646     0

We noticed that everything resolves fine from linux boxes.

On Windows, however, we have a set of prefixes. So when looking up cfa-abc it goes through the list and is trying to add a suffix to it. So it is trying to look up "cfa-abc.cfa-abc".

 

If I append a period to the end of it, it ignores the suffixes and resolves correctly.

 

> cfa-abc.
Server:  corp-infoblox01.abc.com
Address:  10.1.20.149

Name:    cfa-abc
Addresses:  10.1.20.140
          10.1.20.101
          10.1.20.102
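
An added example, not part of the original post: a simplified Python model of the search-list behaviour described above, showing why the unqualified name comes back as a non-existent domain while the trailing-dot form resolves. The `try_bare_name` flag and the single-entry suffix list are assumptions made for illustration, and the zone data is constructed from the addresses quoted in the thread.

```python
# Simplified model of stub-resolver search-list handling. This is NOT the
# actual Windows or Linux resolver code; it only reproduces the behaviour
# described in the thread. Zone data is constructed from the quoted output.
ZONE = {
    "cfa-abc.": ["10.1.20.101", "10.1.20.102", "10.1.20.140"],
}


def candidates(name, search_list, try_bare_name):
    """Return the fully qualified names a client would query, in order."""
    if name.endswith("."):
        # A trailing dot marks the name as absolute: no suffix is appended.
        return [name]
    queries = [f"{name}.{suffix.rstrip('.')}." for suffix in search_list]
    if try_bare_name:
        # Assumption: this client also sends the unqualified name as-is
        # once the suffix list is exhausted.
        queries.append(name + ".")
    return queries


def resolve(name, search_list, try_bare_name=False, zone=ZONE):
    """Walk the candidate list; return (answers, queries_attempted)."""
    attempted = []
    for fqdn in candidates(name, search_list, try_bare_name):
        attempted.append(fqdn)
        answers = zone.get(fqdn.lower())
        if answers:
            return answers, attempted
    return None, attempted  # every candidate was a non-existent name


if __name__ == "__main__":
    # Assumed suffix list, implied by the "cfa-abc.cfa-abc" lookup above.
    suffixes = ["cfa-abc"]
    cases = [
        ("suffix-only client, 'cfa-abc'", ("cfa-abc", suffixes, False)),
        ("suffix-only client, 'cfa-abc.'", ("cfa-abc.", suffixes, False)),
        ("client that also tries bare name", ("cfa-abc", suffixes, True)),
    ]
    for label, args in cases:
        answers, tried = resolve(*args)
        print(f"{label}: tried {tried} -> {answers or 'NXDOMAIN'}")
```
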

Re: DNS: Single Level Domain Not Resolving

Expert
Posts: 292
6646     0

I don't think AD works too well with a single label domain name, for instance it could revert to using NetBIOS rather than DNS, so if your WINS environment (remember that?) is not configured properly you could have failures. Also I believe Windows will not do DDNS updates if a single label domain is in use.

 

Have a look at this Microsoft article for various issues associated with this...

 

https://support.microsoft.com/en-gb/kb/300684

 

 

Paul Roberts
PCN (UK) Ltd

All opinions expressed are my own and not representative of PCN Inc./PCN (UK) Ltd. E&OE